2020 was a revelatory year. Remote working insisted many companies instantly evolve their structures as well as their communication and network systems at a breakneck speed. And as many security systems rushed to keep up, cyber thieves took advantage of the gap caused by an ongoing pandemic and a transitioning workforce. 

Moving into 2021, we haven’t seen a reprieve from cybercriminals. And as they continue to thrive, IT and security units are working around the clock to ensure improved security and transparency for their businesses and clients – all while navigating budgets and time restrictions. Insurance companies should view this unstable landscape, albeit a landscape populated by familiar attack methods, as the biggest threat moving forward.

In the first quarter of the year, the COVID-19 pandemic continues to dictate global behaviour. While many organisations continue on the long road towards financial stability, not to mention IT structures working to manage a new stay-at-home workforce, we can expect nefarious players to continue their exploitation of these weaknesses. 

“Even as IT teams across the globe have evolved to defend against new methods of attacks, we can expect cyber threats and challenges to continue even in a post-pandemic situation too. Munich Re APAC has reviewed a number of online sources and agrees with the following 2021 predictions,” asserts Harprit Singh Narang, Cyber Risk Specialist at Munich Re APAC. 

 

Based on the past trends and recent evolution, here are the top threats to watch out for in 2021:

1. Ransomware will continue to grow and expand in scope
   Ransomware attacks on networks, computers and mobile devices will remain the most prevalent cyber risk to the business this year. We have seen additional steps in ransomware gang’s tactics to download internal data before encryption to put additional pressure on victims to pay ransoms. Taking advantage of the remote work landscape, with a reliance on AI and automation as a key tactic to increase the frequency of attacks will be a prominent concern for security teams. “There will be a continued emphasis on double-extortion attacks that leak data online to extort victims, with further use of social media to amplify the pressure on victims. Other tactics could include increased use of distributed denial of service (DDoS) to attack victims and further pressure them to pay,” according to informationsecuritybuzz.com.
   
   
2. Phishing and Social Engineering as primary threat vectors
   Using trusted forms of communication, such as emails, to transport malware will persist in their prevalence. In particular, phishing emails embedded with ransomware, business email compromise (BEC) or other nefarious malware should be expected to continue to increase throughout 2021. Organisations must be diligent in their defence of these attacks, and even though there is no way to completely safeguard against phishing attacks, internal security testing and employee awareness can go a long way in spotting an attack before it begins.
   
   
3. Business Email Compromise (BEC) remains as major source of loss
   Business email compromise (BEC) is the defrauding of organisations by criminals placing themselves in the payment chain of companies through various methods, including social engineering, domain spoofing and account takeover. BEC tactics evolved through 2020, including the targeting of group inboxes with fraudulent instructions to change payment details for a client or vendor. And with the further exploitation of a company’s cloud accounts as well as businesses along their supply chain, BEC is expected to become an even bigger challenge to companies. In fact, threats to companies from BECs could become equivalent to ransomware this year.

There is no doubt that socially engineered attacks will grow in their complexity. The disruption to the working landscape in 2020 due to COVID-19 was a boon to hackers across the globe. As we see progress in regard to vaccines, there still remains high volatility in the logistics of distribution. This is already being exploited by nefarious players and we can expect further evolving methods and increasingly sophisticated approaches from attackers moving forward. 

Experts agree that the prominence of social engineering as a cyber weapon-of-choice in 2020 will continue to heavily leverage different aspects of dealing with the pandemic, such as bogus free COVID-19 tests to dupe users into providing a mailing address, phone number and credit card number with the promise to verify their information and qualify for a free COVID-19 testing offer or by impostering a government agency.

In tandem, as one source puts it, “the ‘New Normal’ mode will also be under attack.” The expected transition back to offices could also lead to additional attacks as cyber thieves exploit this second year of a migrating workplace by targeting employees via social engineering methods as well as attempting to hack personal devices such as mobile phones and laptops. The additional vulnerability of employees in a home office environment can be used as a figurative ‘trojan horse’ to bring malware unsuspected into the workplace.

With the above evolving threats combined with the COVID-19 scenario, we will continue to see new technologies being leveraged and an impact on cybersecurity sector for some time. Also, with the way the new threats are likely to evolve, we expect to see more incidents leading to potentially bigger financial losses in 2021. Therefore, staying safe online will continue to play into a company’s constant dialogue when dealing with their own workforce as well as businesses along the entire value chain.